On the primitivity of Lai-Massey schemes
This work addresses a security concern for symmetric cryptography designers, but it is incremental as it extends prior studies on other schemes.
The paper tackles the problem of ensuring resistance to imprimitivity attacks in the Lai-Massey scheme, a cryptographic framework, by reducing the primitivity proof to a simpler problem related to Substitution Permutation Networks.
In symmetric cryptography, the round functions used as building blocks for iterated block ciphers are often obtained as the composition of different layers providing confusion and diffusion. The study of the conditions on such layers which make the group generated by the round functions of a block cipher a primitive group has been addressed in the past years, both in the case of Substitution Permutation Networks and Feistel Networks, giving to block cipher designers the receipt to avoid the imprimitivity attack. In this paper a similar study is proposed on the subject of the Lai-Massey scheme, a framework which combines both Substitution Permutation Network and Feistel Network features. Its resistance to the imprimitivity attack is obtained as a consequence of a more general result in which the problem of proving the primitivity of the Lai-Massey scheme is reduced to the simpler one of proving the primitivity of the group generated by the round functions of a strictly related Substitution Permutation Network.